The invention relates to systems, methods, and computer readable medium to implement security in computer systems.
Computer security can be difficult to define, because people use the term in many ways that depend on the context and overuse the term to sell computers and software. Despite that difficult, many agree that computer security seeks to increase confidentiality, integrity, and availability of data. Specifically, it seeks to increase confidentiality to avoid revealing data to wrong parties, integrity to prevent unauthorized changes to the data, and to increase data availability to the right parties as required.
Although the goals are simple to state, computer security is one of the most challenging problems facing cloud computing and data centers. The basic problem is cloud computing and data centers are networked to many computers, and networks involve layers that are vulnerable to many forms of attack. Another security issue is cloud computing and data centers support multiple tenants (customers sharing computing resources) which may permit a tenant to hack into another tenant's resources. See Wikipedia Multitenancy (2015), which is incorporated by reference herein, describes details of multitenancy.
Further, software is inherently not secure because it can include millions of lines of code, and it is impossible to discover all vulnerabilities and points of attack that can be exploited. Software companies are constantly releasing security patches and updates to protect against software vulnerabilities. Further, the security patches sometimes have bugs and produce new vulnerabilities. Unfortunately, hackers or even criminals and terrorists are working globally to penetrate software and patches and the security mechanism used to protect cloud computing systems. Further, zero-day attacks unknown to software vendors until after the damage is done, cannot be fully addressed by security patches. It seems the good guys are one step behind and not winning, at least consistently. And the press regularly informs that criminals are hacking into computing systems to steal sensitive and private information such as customer identity, social security numbers, and credit card information. For example, TARGET suffered a data breach where criminals stole credit card and personal information of more than 110 million customers in 2013. And Identity Theft Resource Center, ITRC reported 480 data breaches exposing 17 million customers in 2014.
Further, the public may not immediately hear about data breaches because the data center or the cloud provider may seek to fix the problem before reporting the data breach to its customers. Perhaps it may fear loss of customer trust. Thus, cloud and data centers are both seeking for ways to make computing more secure.
Virtualization technology is growing in popularity for many reasons including increased data availability and lowered computing costs. Because virtual machines serve as a foundation of cloud computing and data centers, certain security issues they present cannot be ignored.
Virtual machines present the illusion that each virtual machine known as a guest has the entire physical server known as a host. Thus, instead of a single operating system owning the physical server, multiple operating systems can share the same physical server. Each operating system runs in a virtual machine. The hypervisor is the software that permits this by mapping the virtual resources to the physical resources. This ability to manage different operating systems and applications on a single physical server can dramatically lower operating costs. Virtualization technology also gives the flexibility to resize the amount of computing resources to match the demand.
However, cloud providers cannot provide full assurance of secure computing and data to users. For example, a bad acting tenant on the cloud or data center may attack other tenants or the cloud infrastructure through the network or even through an attack on the hypervisor. As a result, some organizations are not willing to bear the added security risk and fail to fully benefit from the public cloud's advantages. Further, many companies and organizations choose to build a private cloud on their own premises. Future regulations and customer demands will require the public cloud providers and private cloud suppliers to implement security means in order to prevent hostile usage by tenants and malicious exploitation of cloud resources by cloud employees. The issue of computer security is impeding or preventing adoption of data centers and cloud computing.